ShoreTel Phones and MAC-Auth Service Policy

  • 1.  ShoreTel Phones and MAC-Auth Service Policy

    Posted Jan 16, 2018 09:16 AM

    Scenario: ClearPass 6.7

    Switches: Cisco 3650 (3.0.6.06E) and Brocade FCX648S (8.0.30n) 

    We have implemented a mac-auth service policy for ShoreTel phones. The enforcement profile on this service assigns a RADIUS IETF Session Timeout value of 28800 (8 hours). On a Brocade switch in our lab using the same CP servers, the phones re-auth every 8 hours, as expected. However, on a production switch with identical configuration the phones re-auth randomly, e.g. 1 hour, 45 minutes, 20 minutes, etc. We've not experienced this issue on Cisco switches. We've opened a case with HPE support and they are pointing to the switch as the issue. However, we've yet to identify the problem. Just curious if anyone else has experienced similar issues and found a resolution?



  • 2.  RE: ShoreTel Phones and MAC-Auth Service Policy

    Posted Jan 16, 2018 10:29 AM

    I don't have experience with Brocade switches. Can you share some output from the switch? Some other vendors always show the expected re-auth interval for the client (show dot1x user | show aaa ... or similar?).



  • 3.  RE: ShoreTel Phones and MAC-Auth Service Policy

    Posted Jan 16, 2018 02:37 PM

    Unfortunately the Brocade, at least as far as I have found, has no command that will display the re-auth interval. I have verified that CP is sending it but have no way of seeing that the switch is actually utilizing it. Thanks for your response.
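
When the switch cannot display the re-auth interval, the spacing of MAC-auth requests as seen by the RADIUS server shows what the switch is actually doing. The following is an added example, not code from the thread or from HPE: it assumes the request times have been exported as `timestamp,MAC` lines (a constructed format with constructed sample data) and flags gaps shorter than the 28800-second Session-Timeout from the thread; `TOLERANCE` is an assumed value.

```python
from collections import defaultdict
from datetime import datetime

SESSION_TIMEOUT = 28800  # seconds, the value in the thread's enforcement profile
TOLERANCE = 60           # assumed slack for switch timers and RADIUS round trips

# Constructed sample: "ISO timestamp,endpoint MAC", one line per MAC-auth request.
SAMPLE_EVENTS = """\
2018-01-16T00:00:05,02:00:00:00:00:01
2018-01-16T08:00:06,02:00:00:00:00:01
2018-01-16T16:00:06,02:00:00:00:00:01
2018-01-16T00:01:00,02-00-00-00-00-02
2018-01-16T01:01:10,0200.0000.0002
2018-01-16T01:46:10,02:00:00:00:00:02
2018-01-16T02:06:12,02:00:00:00:00:02
"""

def normalize_mac(mac):
    """Reduce colon, dash and dotted notations to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def reauth_intervals(text):
    """Map each MAC to the gaps (seconds) between its consecutive requests."""
    seen = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, mac = line.strip().split(",")
        seen[normalize_mac(mac)].append(datetime.fromisoformat(stamp))
    gaps = {}
    for mac, times in seen.items():
        times.sort()  # exports are not guaranteed to be in time order
        gaps[mac] = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return gaps

def early_reauths(intervals, expected=SESSION_TIMEOUT, tolerance=TOLERANCE):
    """Return only the MACs with gaps shorter than expected - tolerance."""
    limit = expected - tolerance
    early = {mac: [g for g in gaps if g < limit] for mac, gaps in intervals.items()}
    return {mac: gaps for mac, gaps in early.items() if gaps}

if __name__ == "__main__":
    for mac, gaps in early_reauths(reauth_intervals(SAMPLE_EVENTS)).items():
        print(mac, "re-authenticated early, gaps in seconds:", gaps)
```

A short gap shows only that a new authentication started before the timer expired; link flaps and phone reboots produce the same pattern, so compare the flagged times with the switch's port logs.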